Re: Kernel hangs on regulatory.db X.509 key initialization

From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name>
To: Dominik Schmidt <dominik@schm1dt.ch>
Cc: linux-wireless@vger.kernel.org, james.morris@microsoft.com
Subject: Re: Kernel hangs on regulatory.db X.509 key initialization
Date: Sun, 17 Feb 2019 13:29:30 +0100	[thread overview]
Message-ID: <0ce6546d-0f1d-922c-0acd-796966c98aab@maciej.szmigiero.name> (raw)
In-Reply-To: <1549746752.q02fowo7n3.astroid@I7-2600.none>

Hi,

On 17.02.2019 10:38, Dominik Schmidt wrote:
> Hi there!
> 
> I'm running a Gentoo Linux on an APU2C2-Board (AMD Jaguar GX-412TC x86_64), with
> an Atheros QCA9882 (ath10k) and an Atheros AR9280 (ath9k) card.
> 
> The kernels after 4.18 do not reach userspace any longer. 

Did you test a more recent kernel like 4.20?

> They just somehow
> "freeze" without emitting any oops or kernel panic. I've tracked the issue
> down to the cfg80211 subsystem and a change in the X.509 parser:
> 
> * If I do not compile cfg80211 into the kernel, it starts perfectly (minus wireless)
> 
> * Bisecting the issue shows that it starts with
> 	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b65c32ec5a942ab3ada93a048089a938918aba7f
> 
> * The last message I see in the logs is this one:
> 	cfg80211: Loading compiled-in X.509 certificates for regulatory database
>   defined at
> 	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/wireless/reg.c#n770
> 
> * If I add another pr_notice to the end of that function, it is never displayed.
> 
> * It seems to get stuck at the call to key_create_or_update, here:
> 	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/net/wireless/reg.c#n735
> 
> * If I throw more pr_notices at key_create_or_update, the last one I see 
>   is before this memset:
> 	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/security/keys/key.c#n843
> 
> * As an additional hindrance, this problem occurs only on the APU2 board,
>   and not when running the same kernel in a Qemu-VM
> 
> Any idea what could be the cause of this, or hints as to how to
> debug this further?

I see that you are using an AMD CPU-based board, with AMD CCP enabled
in your kernel config.

Before my patch, that you bisected your problem to, such configuration
would fail (early) in-kernel X.509 certificate signature verification
as its length wasn't exactly correct.
Now, when this was fixed the CCP RSA implementation actually gets
exercised (however, it works for me without problems on Ryzen).

You can temporarily change CONFIG_CFG80211 in your kernel config to
'm' and compile the kernel with KASAN.
Don't load any wireless modules at startup, this should at least
defer the crash until you load them manually later when the system is
idle and you can monitor it.

If you are lucky KASAN will give you information then where the bug
might be.

> Cheers
> Dominik
> 

Maciej